192.168.1.1AABB:CCDD:FF%eth0www.target.com192.168.0-255.0-255192.168.0.0/16-iL <filename>-F: scan 100 most popular ports-p<port1>-<port2>: port range-p<port1>,<port2>,...: port list-pU:53,U:110,T20-445: mix TCP and UDP-r: scan ports consecutively - don't randomize--top-ports <n>: scan n most popular ports-p-65535: leaving off initial ports make nmap scan start at port 1-p0-: leaving off end port makes nmap scan up to port 65535-p: leaving off start and end port makes nmap scan ports 1-65535-Pn: treat all hosts as online -- skip host discovery-PB: default probe (TCP 80, 445 & ICMP)-PS<port list>: check wheter targets are up by probing TCP ports-PE: use ICMP echo request.-PP: use ICMP timestamp request.-PM: use ICMP netmask request.-sn: probe only (host discovery, not port scan)-sT: TCP connect scan-sU: UDP scan-sV: version scan-O: OS detection--scanflags: set custom list of TCP using URGACKPSHRSTSYNFIN in asy order.-T0: paranoid scan, a very slow scan (used for IDS evasion)-T1: sneaky scan, excellent for avoiding firewalls (used for IDS evasion)-T2: polite scan, unlikely to interfere with the target system (-10 times slower than default)-T3: normal scan, the default NMAP timing template (based on target responsiveness)-T4: aggressive scan, provides faster results on LANs (may overwhelm targets)-T5: insane scan, a fast aggressive scan (will likely overwhelm targets or miss open ports)-oN: standard nmap output-oG: greppable format-oX: XML format-oA <basename>: generate nmap, greppable, and XML output files using basename for files--script: specify a script to run on the target-sC: equivalent to --script=default-n/-R: never do DNS resolution/Always resolve [default: sometimes]-6: use IPv6 only-A: use several features, includinig OS detection, version detection, script scanning (default), and traceroute.--reason: display reason nmap thinks port is open, closed, or filtered.--open: only show open (or possibly open) ports-v: increase verbosity level (use -vv or more for greater effect)